[Security-news] Minify Source HTML - Moderately critical - Cross site scripting - SA-CONTRIB-2023-032
security-news at drupal.org
security-news at drupal.org
Wed Jul 26 20:00:10 UTC 2023
View online: https://www.drupal.org/sa-contrib-2023-032
Project: Minify Source HTML [1]
Date: 2023-July-26
Security risk: *Moderately critical* 11∕25
AC:Basic/A:None/CI:None/II:None/E:Proof/TD:All [2]
Vulnerability: Cross site scripting
Affected versions: <1.13.0 || >=2.0.0 <2.0.3
Description:
Carefully crafted input by an attacker will not be sanitized by this module,
which can result in a script injection.
Solution:
Install the latest version:
* If you use the Minify Source HTML module for Drupal 7.x, upgrade to
Minify
Source HTML 7.x-1.11 [3]
* If you use the Minify Source HTML module for Drupal 8.x/9.x, upgrade to
Minify Source HTML 8.x-1.13 [4]
* If you use the Minify Source HTML module for Drupal 9.x/10.x, upgrade to
Minify Source HTML 2.0.3 [5]
Reported By:
* Pierre Rudloff [6]
Fixed By:
* Scott Joudry [7]
* Pierre Rudloff [8]
[1] https://www.drupal.org/project/minifyhtml
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/minifyhtml/releases/7.x-1.11
[4] https://www.drupal.org/project/minifyhtml/releases/8.x-1.13
[5] https://www.drupal.org/project/minifyhtml/releases/2.0.3
[6] https://www.drupal.org/user/3611858
[7] https://www.drupal.org/user/1846786
[8] https://www.drupal.org/user/3611858
More information about the Security-news
mailing list